Directions in Incident Detection and Response

Richard Bejtlich leads a conversation on how incident detection and response (IDR) teams' focus on detecting and preventing attacks has moved from targeting OSs to unauthorized-access-application functionality and data. He discusses why this makes IDR so much more difficult and what these new targets mean for IDR. Department editors Gunnar Peterson and John Steven respond with tactics on how application security teams can help.